Category: Security

Aug 24 2015

Exposed Ashley Madison members targeted by scammers and extortionists

Ars has already chronicled the feeding frenzy among lawyers trying to capitalize on the epic Ashley Madison data breach. Now there's word of scam sites charging hefty fees to expunge the data of exposed members and attempts to extort people caught up in the privacy nightmare.

One of the best known offenders is known as Trustify, which bills itself as a private investigator service. According to security researcher Troy Hunt, Trustify is sending unsolicited e-mails with the subjects such as "Your boss might know" to many of the 36 million addresses included in the resulting dump.

"There are ways to hide the exposed details, but first you need to see what information can be found across the Web," one of the e-mails states, glossing over the reality that the highly personal data leaked in the Ashley Madison hack is a permanent part of the Internet record. "Talk with our experienced investigative consultants to learn how you can find our [sic] what incriminating information is available and could ruin your life."

Read 4 remaining paragraphs | Comments

Aug 24 2015

Sundown exploit kit adds Internet Explorer exploit before any other kit

The Sundown exploit kit has been the first to integrate an exploit for the CVE 2015-2444 bug, using it in a recent watering-hole attack.

Aug 24 2015

Reflective satellites may be the future of high-end encryption

Quantum key distribution is regularly touted as the encryption of the future. While the keys are exchanged on an insecure channel, the laws of physics provide a guarantee that two parties can exchange a secret key without knowing whether they're being overheard. This unencrypted-but-secure form of key exchange circumvents one of the potential shortcomings of some forms of public key systems.

However, quantum key distribution (QKD) has one big downside: the two parties need to have a direct link to each other. So, for instance, banks in and around Geneva use dedicated fiber links to perform QKD, but they can only do this because the link distance is less than 100km. These fixed and short links are an expensive solution. A more flexible solution is required if QKD is going to be used for more general encryption purposes.

A group of Italian researchers have demonstrated the possibility of QKD via a satellite, which in principle (but not in practice) means that any two parties with a view of a satellite can exchange keys.

Read 20 remaining paragraphs | Comments

Aug 24 2015

Ashley Madison offers $500,000 reward amid reports of member suicides

An international roster of police and private investigators are vowing to vigorously pursue the people who hacked the Ashley Madison dating website for cheaters, with the cheating site offering a $500,000 reward and appealing for help from hackers around the world.

The full-court press comes amid a report of at least two suicides of people whose personal information was included in the massive dump of account data for Ashley Madison, which carried the tag line "Life is short. Have an affair." It's too early to say if the exposures were the proximate reason the individuals took their lives, but the deaths were discussed during a press conference the Toronto Police Service held early Monday morning. Bryce Evans, acting staff superintendent, said the outing of so many people in committed relationships cheating on their partners crossed a line that could destroy lives and careers of millions of people around the world.

Wakeup call

He called on hackers around the world to provide tips to law enforcement agencies working to identify the people who thoroughly rooted the servers of Ashley Madison parent company Avid Life Media. He also said the investigation was being carried out jointly by his department, the Royal Canadian Mounted Police, the US Department of Homeland Security, the FBI, and others. Additionally, he said Avid Life Media has pledged a $500,000 reward for information leading to the identification of the people responsible for the compromise, who have dubbed themselves Impact Team.

Read 4 remaining paragraphs | Comments